SLFO-pool/libkcapi
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main libkcapi revision 512af85531760fe64568fa2e8b87af7d

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 15:12:27 +02:00
commit 33d1522db4
6 changed files with 487 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
libkcapi-1.4.0.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

11
libkcapi-1.4.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmISvaAACgkQQh7pNjJq
wVv6jggAh7UpchOXZ1THbDZ0PE+YGWSr3Y3qKHMls9ixNn/RDSYxPvyZqc6pIAKQ
zVA6bGtB9kqcSexmrk2EyiUYgi1lo+5HwsfAfHBQaq7vD1S8Q/FYx/XVRv2GQfkj
/E1ivlcdcInlpn+vu+7Hei+H/IXtETh8QPwGwRI1Je84pIt7K4K4VPwWpur0su6E
oF1AFT6ldlMczsoDTCi3eP3rZWKvMmX5718W9F6eKuTkKoIiipCUxdMBy4f6YpDB
1ZmQPHjSgG4URlclQnFiGXYAbMBRHYfguJRl/HjZWSQMigRzqGSdvJR8wrfMeQzr
Bk0z0nGayzHgcC7gPz8CsAMJj5C9eQ==
=OA3o
-----END PGP SIGNATURE-----

229
libkcapi.changes Normal file
View File

@ -0,0 +1,229 @@
-------------------------------------------------------------------
Mon Mar 6 15:17:46 UTC 2023 - Marcus Meissner <meissner@suse.com>
- libkcapi was actually signed by the wrong key (bsc#1207892)
-------------------------------------------------------------------
Tue Apr 26 12:45:21 UTC 2022 - Marcus Meissner <meissner@suse.com>
- Update to version 1.4.0
* fix: ensure that LTO is supported (by Simo Sorce)
* fix: add LTO regression testing (by Ondrej Mosnacek)
* enhancement: add sm3sum, sm3hmac tools, add APIs kcapi_md_sm3, kcapi_md_hmac_sm3
* enhancement: add SM4 convenience functions
* fix: support AEAD encryption of arbitrary size with kcapi-enc
- removed libkcapi-fix-lto.patch (upstream)
-------------------------------------------------------------------
Tue Apr 26 12:44:40 UTC 2022 - Marcus Meissner <meissner@suse.com>
- use https url
-------------------------------------------------------------------
Tue Jul 27 08:03:48 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 1.3.1
* fix: fix -Wconversion warnings (by Ondrej Mosnacek)
* fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek)
* fix: Version symbols to maintain ABI compatibility (by Simo Sorce)
* fix: disable io_getevents on systems that do not support it (by Khem Raj)
* fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the
library does not store any sensitive data in data structures it owns, such
security precautions may not be necessary considering the benefit of
allowing regular debugging
* fix: ensure that sendmsg is always used as fallback when vmsplice cannot be
used
* enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize
* enhancement: the variable types are changed from int32_t to ssize_t and
from uint32_t to size_t to match common POSIX and Linux APIs
- Added libkcapi-fix-lto.patch
-------------------------------------------------------------------
Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 1.2.0:
* enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen
* fix: fix clang warnding in KDF implementation by Khem Raj
* fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček
* fix: return error when iteration count is zero for PBKDF as reported by
Guido Vranken
* enhancement: add function kcapi_cipher_stream_update_last to indicate the
last block of a symmetric cipher stream operation
* disable XTS multithreaded tests as it triggers a race discussed in
https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is
the following: xts(aes) doesn't support chaining requests like for other
ciphers such as CBC (at least as implemented in the kernel Crypto API).
That can be seen in `crypto/testmgr.h` - the ciphers that are expected to
return IVs usable for chaining have the `.iv_out` entries filled in in their
test vectors (and those that don't support it do not). One can see that only
CTR and CBC test vectors have them, not XTS.
Looking again at how XTS is defined, it seems one could implement
transparent chaining by simply decrypting the final tweak using the tweak
key and return it as the output IV... but I believe this has never been
mandated nor implemented in the Crypto API (likely because of the overhead
of the final tweak decryption, which would be pointless if you're not going
to use the output IV - and there is currently no way to signal to the driver
that you are going to need it).
* disable AIO parallel tests due to undefined behavior
-------------------------------------------------------------------
Wed Jan 8 07:23:22 UTC 2020 - Marcus Meissner <meissner@suse.com>
- updated to 1.1.5:
- Fix invocation of ansi_cprng in FIPS mode during testing
- Fix testing on kernels >= 5.0
- Add virtualization test for kernel 5.1
- Fix the limit between vmsplice() and sendmsg() by Christophe Leroy
- Fix remove code duplication by Ondrej Mosnáček
- Fix potential memleak in speed-test
- updated to 1.1.4:
- Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures
- updated to 1.1.3:
- Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0)
- updated to 1.1.2:
- Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski
- Enhancement: ensure that tests execute on architectures other than X86 by Ondrej Mosnáček
- Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej Mosnáček
- Test fix: Support test execution outside build environment by Ondrej Mosnáček
- updated to 1.1.1:
- Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček
- updated to 1.1.0:
- API Enhancement: Addition of kcapi_handle_reinit
- Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c
- Test enhancement: add IIV speed testing
- Fix: add a loop around the read system call to always obtain all generated data
- Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser)
- Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY)
- Fix: support for zero length files (patched by Ondrej Mosnáček)
- Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček)
- Fix: Add Travis CI test system provided by Ondrej Mosnáček
- Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček
- Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček
- Fix: Apply unpadding only to last block of data by Ondrej Mosnáček
- Fix: Fix resource leaks in error code paths suggested by Ondrej Mosnáček
- Enhancement: achieve hmaccalc CLI equivalence by Ondrej Mosnáček
- updated to 1.0.3:
- Fix: support STDIN and --tag of sha*sum applications
- Enhancement: Add small enhancements to support integration with distros -- reported by Björn Esser
- updated to 1.0.2:
- Fix: hasher-test.sh on 32-bit systems
- Fix: AIO return code handling on large number of requests -- reported by Jonathan Cameron
- Enhancement: disable coredumps of library
- Fix: remove unchecked -fstack-protector-strong from Makefile -- reported by Mathieu Malaterre
- Fix: document that kcapi_cipher_stream_op must be called in a loop to collect all data in a multhreaded environment.
- Test Fix: Update symmetric multithreaded stream test to invoke kcapi_cipher_stream_op in a loop to collect all data.
- Fix: Initialize the cipher handle on stack with zeros as the library expects a zero-initialized cipher handle. This fixes a possible segfault where free() is called on a non-initialized memory location.
- Fix: port algif_kpp and algif_akcipher to 4.15-rc3
- updated to 1.0.1:
- Fix: constify AEAD cipher input data
- Fix: use GCC byte swapping acceleration if present
- Fix: KDF counter handling on little endian systems when generating more than 255 blocks
- Use LD_PRELOAD for execution of test cases to force using of the freshly compiled binaries
- Fix: return code handling of _kcapi_common_vmsplice_chunk_fd as reported by Christophe Leroy
- Fix: return code handling in _kcapi_md_update
- Fix: kcapi-hasher now supports files larger than 2GB
- Fix: kcapi-dgst now supports files larger than 2GB
- Fix: use stack protector
- Fix: rename header guards to remove leading underscore as pointed out by Markus Elfring
- Test Fix: Allow compiing the test code without asymmetric and KPP support
- updated to 1.0.0:
- Fix: Small compile fixes for new checks of GCC 7
- API Change: Rename all LOG_* enums to KCAPI_LOG_* to prevent namespace poisoning
- Fix: soname and file name of library now compiles with conventions (thanks to Marcus Meissner)
- Fix: kcapi-rng.c: unify FD/syscall read code and fix __NR_getrandom resolution
- Enhancement: add kcapi-enc application to access symmetric encryption on command line
- Fix: consolidate duplicate code in kcapi-hasher
- Enhancement: add kcapi-dgst application to access hashes on command line
- Enhancement: add kcapi-rng man page
- Enhancement: add kcapi-rng --hex command line option
- Fix: enable full symmetric AIO support
- Fix: consolidate all test code into test/ and invoke all tests with test-invocation.sh
- Fix: fix memleaks in error code paths as reported by clang
- Fix: reduce memory footprint by rearranging data structures
- Fix: kcapi-hasher is now fully FIPS 140-2 compliant as it now includes the integrity test for libkcapi.so
- Enhancement: Add speed tests for MV-CESA accelerated ciphers and hash algorithms (thanks to Bastian Stender)
- Test Enhancement: add kcapi-enc-test-large.c test testing edge conditions of AF_ALG
- Test Enhancement: add virttest.sh - use of test system based on eudyptula-boot to test on linux-4.3.6, linux-4.4.86, linux-4.5, linux-4.7, linux-4.10, linux-4.12
- Test Enhancement: add kcapi-fuzz-test.sh to support fuzzing the AF_ALG interfaces
- Enhancement: add RPM SPEC file (tested with Fedora 26)
- API Change: replace --disable-lib-asym with --enable-lib-asym as the algif_akcipher.c kernel interface is not likely to be added to the kernel anytime soon
- API Enhancement: add KPP API which is not compiled by default, use --enable-lib-kpp (the algif_kpp.c kernel interface is not likely to be added to the Linux kernel any time soon)
- Test Enhancement: Add KPP tests
- Enhancement: Re-enable AIO support for symmetric and AEAD ciphers down to Linux kernels 4.1 and 4.7, respectively. This is due to integrating a fix against a kernel crash when using AIO.
- Fix: simply KDF code base
- API Enhancement: add message digest convenience functions kcapi_md_*sha*
- API Enhancement: add cipher convenience functions kcapi_cipher_*_aes_*
- API Enhancement: add rng convenience function kcapi_rng_get_bytes
- API Change: remove kcapi_aead_getdata, use kcapi_aead_getdata_input and kcapi_aead_getdata_output instead
- API Change: remove kcapi_aead_outbuflen, use kcapi_aead_outbuflen_enc and kcapi_aead_outbuflen_dec instead
- updated to 0.14.0:
- AIO: fix tracking of completed IOCBs
- speed-test: fix AEAD handling
- speed-test: fix time calculation
- compiler now warns a user of deprecated API calls
- AIO: handle kernel errors for algif_skcipher gracefully
- AIO: using multiple IOCB if algif_aead interface supports it
- ASYM: add PKCS1 tests
- AIO: add ASYM AIO support
- AIO: fix AEAD AIO fallback
- AIO: add AIO fallback testing
- replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors)
- add fuzzing tests
- use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot)
- ALG_MAX_PAGES restriction is gone with current AF_ALG interface
- add HKDF (RFC5869)
- add apps/kcapi-rng
- add support for multiple accepts where the caller maintains the opfd
- fix memleak in error case in PBKDF
- add multithreaded symmetric cipher tests
- enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels
- Add tests for the AAD copy operation to be supported for kernel 4.13
- dropped libkcapi-use-external-fipshmac.patch (done differently in upstream)
- dropped reproduciblesort.patch (done differently upstream)
- dropped reproducibledate.patch: merged upstream
- libkcapi.keyring imported
-------------------------------------------------------------------
Thu Dec 5 10:10:41 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use %make_build and respect %optflags.
-------------------------------------------------------------------
Fri Sep 27 16:40:49 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Remove docbook-utils BuildRequires, xmlto is sufficient
- Spec file cleanup, use license macro, drop defattr, drop BuildRoot
-------------------------------------------------------------------
Wed Jul 12 14:51:26 UTC 2017 - meissner@suse.com
- Change the signing to use openssl sha256/sha512 directly, to
avoid fipscheck / hmaccalc.
-------------------------------------------------------------------
Sat Jul 8 14:04:41 UTC 2017 - bwiedemann@suse.com
- Add reproduciblesort.patch to always link .o files in the same order and
- Add reproducibledate.patch to not add current time to man-pages to fix build-compare
-------------------------------------------------------------------
Thu Jun 29 08:13:54 UTC 2017 - meissner@suse.com
- libkcapi-use-external-fipshmac.patch: use external fipshmac,
our chroots / vm builds do not necessarily have the right kernel.
-------------------------------------------------------------------
Wed Jun 28 08:03:30 UTC 2017 - jengelh@inai.de
- Compact descriptions a bit
- Remove libkcapi provide/requires
- Use %_libdir throughout and avoid /lib
-------------------------------------------------------------------
Thu Dec 22 14:03:43 UTC 2016 - abergmann@suse.com
- Initial release 0.13.0.
A library and tools to access the kernel crypto api.
FATE#323554 bsc#1045948

58
libkcapi.keyring Normal file
View File

@ -0,0 +1,58 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFqo+vgBCACp9hezmvJ4eeZv4PkyoMxGpXHN4Ox2+aofXxMv/yQ6oyZ69xu0
U0yFcEcSWbe4qhxB+nlOvSBRJ8ohEU3hlGLrAKJwltHVzeO6nCby/T57b6SITCbc
nZGIgKwX4CrJYmfQ4svvMGNDOORPk6SFkK7hhe1cWJb+Gc5czw3wy7By5c1Otlnb
mGB4k5+p7Mbi+rui/vLTKv7FKY5t2CpQoOxptxFc/yq9sMdBnsjvhcCHcl1kpnQP
TMppztWMj4Nkkd+Trvpym0WZ1px6+3kxhMn6LNYytHTCmf/qyf1+1/PIpyEXvx66
hxeN+fN/7R+0iYCisv3JTtfNkCV3QjGdKqT3ABEBAAG0HVN0ZXBoYW4gTXVlbGxl
ciA8c21AZXBlcm0uZGU+iQFOBBMBCAA4FiEEO8xD1NLIfReEtp7kQh7pNjJqwVsF
Alqo/M8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQQh7pNjJqwVsV8gf+
OcAaiSqhn0mYkfC7Fe48n9InAkHiSQ/T7eN+wWYLYMWGG0N2z5gBnNfdc4oFVL+n
gye4C3bm98Iu7WnSl0CTOe1pKGFJg3Y7YzSa5/FzS9nKsg6iXpNWL5nSYyz8T9Q0
KGKNlAiyQEGkt8y05m8hNsvqkgDb923/RFfUYX4mTUXJ1vk/6SFCA/72JQN7PpwM
gGir7FNybuuDUuDLDgQ+BZHhJlW91XE2nwxUo9IrJ2FeT8GgFKzX8A//peRZTSSe
atJBr0HRKfTrKYw3lf897sddUjyQU1nDYv9EMLBvkzuE+gwUakt2rOcpR+4Fn5jk
QbN4vpfGPnybMAMMxW6GIrQfU3RlcGhhbiBNdWVsbGVyIDxzbUBjaHJvbm94LmRl
PokBTgQTAQgAOBYhBDvMQ9TSyH0XhLae5EIe6TYyasFbBQJaqPzEAhsDBQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAAAoJEEIe6TYyasFbsqUH/2euuyRj8b1xuapmrNUu
U4atn9FN6XE1cGzXYPHNEUGBiMkInPwZ/PFurrni7S22cMN+IuqmQzLo40izSjXh
RJAa165GoJSrtf7S6iwry/k1S9nY2Vc/dxW6qnFq7mJLAs0JWHOfhRe1caMb7P95
B+O5B35023zYr9ApdQ4+Lyk+xx1+i++EOxbTJVqLZEF1EGmOWh3ERcGyT05+1LQ8
4yDSCUxZVZFrbA2Mtg8cdyvu68urvKiOCHzDH/xRRhFxUz0+dCOGBFSgSfKI9cgS
009BdH3Zyg795QV6wfhNas4PaNPN5ArMAvgPH1BxtkgyMjUSyLQQDrmuqHnLzExE
QfG0JVN0ZXBoYW4gTXVlbGxlciA8c211ZWxsZXJAY2hyb25veC5kZT6JAU4EEwEI
ADgWIQQ7zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbAwULCQgHAgYVCgkICwIE
FgIDAQIeAQIXgAAKCRBCHuk2MmrBWxVrB/wKYSuURgwKs2pJ2kmLIp34StoreNqe
6cdIF7f7e8o7NaT528hFAVuDSTUyjXO+idbC0P+zu9y2SZfQhc4xbD+Zf0QngX7/
sqIWVeiXJa6uR/qrtJF7OBEvlGkxcAwkC0d/Ts68ps4QbZ7s5qWBJJY4LmnytqvX
Gb63/fOTwImYiY3tKCOSCM2YQRFt6BO71t8tu/4NLk0KSW9OHa9nfcDqI18aVylG
Mu5zNjYqjJpT/be1UpyZo6I/7p0yAQfGJ5YBiN4S264mdFN7jOvxZE3NKXhL4QMt
34hOSWPOpW8ZGEo1hKjEdHFvYowPpcoOFicP+zvxdpMtUTEkppREN2a+uQENBFqo
+vgBCACiLHsDAX7C0l0sB8DhVvTDpC2CyaeuNW9GZ1Qqkenh3Y5KnYnh5Gg5b0ju
bSkauJ75YEOsOeClWuebL3i76kARC8Gfo727wSLvfIAcWhO1ws6j1Utc8s1HNO0+
vcGC9EEkn7LzO5piEUPkentjrSF7clPsXziW4IJq/z3DYZQkVPk7PSw6r0jXWR/p
6sj4aXxslIiDgFJZyopki7Sl2805JYcvKKC6OWTyPHJMlnu9dNxJviAentAUwzHx
NqmvYjlkqBr/sFnjC9kydElecVm4YQh3TC6yt5h49AslAVlFYfwQwcio1LNWyScl
WHbDZhcVZJZZi4++gpFmmg1AjyfLABEBAAGJATYEGAEIACAWIQQ7zEPU0sh9F4S2
nuRCHuk2MmrBWwUCWqj6+AIbIAAKCRBCHuk2MmrBWxPCCACQGQu5eOcH9qsqSOO6
4n+xUX7PG96S8s2JolN3Ft2YWKUzjVHLu5jxznmDwx+GJ3P7thrzW+V5XdDcXgSA
XW793TaJ/XMM0jEG+jgvuhE65JfWCK+8sumrO24M1KnVQigxrMpG5FT7ndpBRGbs
059QSqoMVN4x2dvaP81/+u0sQQ2EGrhPFB2aOA3s7bbWy8xGVIPLcCqByPLbxbHz
aU/dkiutSaYqmzdgrTdcuESSbK4qEv3g1i2Bw5kdqeY9mM96SUL8cGUokqFtVP7b
2mSfm51iNqlO3nsfwpRnl/IlRPThWLhM7/qr49GdWYfQsK4hbw0fo09QFCXN53MP
LhLwuQENBFqo+vgBCAClaPqyK/PUbf7wxTfu3ZBAgaszL98Uf1UHTekRNdYO7FP1
dWWT4SebIgL8wwtWZEqI1pydyvk6DoNF6CfRFq1lCo9QA4Rms7Qx3cdXu1G47ZtQ
vOqxvO4SPvi7lg3PgnuiHDUSTwo5a8+ojxbLzs5xExbx4RDGtykBoaOoLYeenn92
AQ//gN6wCDjEjwP2u39xkWXlokZGrwn3ytFE20rUTNCSLxdmoCr1faHzKmvql95w
mA7ahg5s2vM9/95W4G71lJhy2crkZIAH0fx3iOUbDmlZ3T3UvoLuyMToUyaQv5lo
0lV2KJOBGhjnAfmykHsxQu0RygiNwvO3TGjpaeB5ABEBAAGJATYEGAEIACAWIQQ7
zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbDAAKCRBCHuk2MmrBW5Y4B/oCLcRZ
yN0ETep2JK5CplZHHRN27DhL4KfnahZv872vq3c83hXDDIkCm/0/uDElso+cavce
g5pIsoP2bvEeSJjGMJ5PVdCYOx6r/Fv/tkr46muOvaLdgnphv/CIA+IRykwyzXe3
bsucHC4a1fnSoTMnV1XhsIh8zWTINVVO8+qdNEv3ix2nP5yArexUGzmJV0HIkKm5
9wCLz4FpWR+QZru0i8kJNuFrdnDIP0wxDjiVBifPhiegBv+/z2DOj8D9EI48Kagd
QP7MY7q/u1n3+pGTwa+F1hoGo5IOU5MnwVv7UHiW1MSNQ2/kBFBHm+xdudNab2U0
OpfqrWerOw3WcGd2
=b9/d
-----END PGP PUBLIC KEY BLOCK-----

163
libkcapi.spec Normal file
View File

@ -0,0 +1,163 @@
#
# spec file for package libkcapi
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: libkcapi
Version: 1.4.0
Release: 0
Summary: Linux Kernel Crypto API User Space Interface Library
License: GPL-2.0-only
Group: Productivity/Security
URL: https://www.chronox.de/libkcapi.html
Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
Source2: libkcapi.keyring
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: openssl
BuildRequires: xmlto
%description
libkcapi exports APIs so that developers need not consider the low-level
Netlink interface handling that is used for accesing the Linux kernel crypto
API.
%package -n libkcapi1
Summary: Linux Kernel Crypto API User Space Interface Library
Group: System/Libraries
%description -n libkcapi1
libkcapi allows user-space to access the Linux kernel crypto API.
%package devel
Summary: Linux Kernel Crypto API User Space Interface Library
Group: Development/Languages/C and C++
Requires: libkcapi1 = %{version}
%description devel
libkcapi exports APIs so that developers need not consider the low-level
Netlink interface handling that is used for accesing the Linux kernel crypto
API.
The library does not implement any cipher algorithms. All consumer requests are
sent to the kernel for processing. Results from the kernel crypto API are
returned to the consumer via the library API.
The kernel interface and therefore this library can be used by unprivileged
processes.
This library does not perform any memcpy for processing the cryptographic data!
The library uses scatter / gather lists to eliminate the need for moving data
around in memory.
%package tools
Summary: Linux Kernel Crypto API User Space Tools
Group: Development/Tools/Other
%description tools
libkcapi user space tools to access certain hash algorithms.
%prep
%autosetup -p1
%build
autoreconf -i
%configure \
--disable-static \
--enable-kcapi-test \
--enable-kcapi-speed \
--enable-kcapi-hasher \
--enable-kcapi-rngapp \
--enable-kcapi-encapp \
--enable-kcapi-dgstapp
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags}
rm %{buildroot}/%_libdir/libkcapi.la
mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/
mv %{buildroot}/usr/bin/* %{buildroot}/%{_libexecdir}/libkcapi/
mv %{buildroot}/usr/bin/.??* %{buildroot}/%{_libexecdir}/libkcapi/
# Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipscheck.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipshmac.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512sum.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512hmac.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \
%{nil}
%post -n libkcapi1 -p /sbin/ldconfig
%postun -n libkcapi1 -p /sbin/ldconfig
%files -n libkcapi1
%license COPYING
%doc CHANGES.md
%{_libdir}/libkcapi.so.1.*
%{_libdir}/libkcapi.so.1
%{_libdir}/.libkcapi.so.1*
%files devel
%{_includedir}/kcapi.h
%{_mandir}/man3/*
%{_libdir}/libkcapi.so
%{_libdir}/.libkcapi.so.hmac
%{_libdir}/pkgconfig/libkcapi.pc
%files tools
%dir %{_libexecdir}/libkcapi
%{_libexecdir}/libkcapi/*sum*
%{_libexecdir}/libkcapi/*hmac*
%{_libexecdir}/libkcapi/.*.hmac
%{_libexecdir}/libkcapi/kcapi
%{_libexecdir}/libkcapi/kcapi-convenience
%{_libexecdir}/libkcapi/compile-test.sh
%{_libexecdir}/libkcapi/hasher-test.sh
%{_libexecdir}/libkcapi/kcapi-convenience.sh
%{_libexecdir}/libkcapi/kcapi-dgst-test.sh
%{_libexecdir}/libkcapi/kcapi-enc-test-large
%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh
%{_libexecdir}/libkcapi/kcapi-enc-test.sh
%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh
%{_libexecdir}/libkcapi/fipscheck
%{_libexecdir}/libkcapi/kcapi-dgst
%{_libexecdir}/libkcapi/kcapi-enc
%{_libexecdir}/libkcapi/kcapi-rng
%{_libexecdir}/libkcapi/kcapi-speed
%{_libexecdir}/libkcapi/libtest.sh
%{_libexecdir}/libkcapi/test-invocation.sh
%{_libexecdir}/libkcapi/test.sh
%{_libexecdir}/libkcapi/virttest.sh
%{_mandir}/man1/kcapi*
%changelog